unilad homepage
unilad homepage
  • News
    • UK News
    • US News
    • World News
    • Crime
    • Health
    • Money
    • Sport
    • Travel
  • Music
  • Technology
  • Film and TV
    • News
    • DC Comics
    • Disney
    • Marvel
    • Netflix
  • Celebrity
  • Politics
  • Advertise
  • Terms
  • Privacy & Cookies
  • LADbible Group
  • LADbible
  • SPORTbible
  • GAMINGbible
  • Tyla
  • UNILAD Tech
  • FOODbible
  • License Our Content
  • About Us & Contact
  • Jobs
  • Latest
  • Archive
  • Topics A-Z
  • Authors
Facebook
Instagram
X
Threads
TikTok
YouTube
Submit Your Content
FBI issues critical hack warning to Microsoft users - and wants them to do four specific things
Home>Technology
Published 08:22 1 Jun 2026 GMT+1

FBI issues critical hack warning to Microsoft users - and wants them to do four specific things

A new hacking tool is being sold on Telegram and uses AI to make its attacks more convincing

Thomas Bamford

Thomas Bamford

google discoverFollow us on Google Discover

If you use Microsoft 365 for work or personal emails, the FBI wants you to pay attention, because a new hacking tool can get into your account without ever needing your password.

The warning, issued by the FBI, flags a phishing platform called Kali365 that was first spotted in April.

It's being distributed through Telegram and is specifically designed to bypass multi-factor authentication, the extra layer of security most people rely on to keep their accounts safe.

In other words, even if you've done everything right, this can still get you.

Advert

What makes Kali365 particularly nasty is that it doesn't require any real technical skill to use. The tool does the heavy lifting for attackers, deploying AI-generated phishing lures and allowing criminals to target and track individuals in real time.

The warning, issued by the FBI on Thursday, flags a phishing platform called Kali365 that was first spotted in April (Getty stock image)
The warning, issued by the FBI on Thursday, flags a phishing platform called Kali365 that was first spotted in April (Getty stock image)

How the scam works

It starts with a phishing email pretending to be from a legitimate source, typically something familiar like a document sharing service.

The email contains a device code and instructions to visit a genuine Microsoft verification page and enter it.

Here's the trap: the Microsoft page you're sent to is real. But by entering that code, you're unknowingly authorising the attacker to access your account.

From that point, they can capture authorization tokens that hand them full access to your Microsoft 365 suite, your Outlook emails, Teams messages and OneDrive files, without ever needing your password or triggering your two-factor authentication.

By the time you realize something is wrong, they're already in.

The FBI has issued four specific recommendations to protect yourself from a Kali365 attack (Getty stock)
The FBI has issued four specific recommendations to protect yourself from a Kali365 attack (Getty stock)

The four things the FBI wants you to do right now

The FBI has issued four specific recommendations to protect yourself from a Kali365 attack:

  • Create a conditional access policy that blocks all users from device code flow, with limited exceptions.
  • Check who currently has access to code flow usage and make sure every single one of them is legitimate.
  • Block the ability for users to transfer authentication from computers to mobile devices.
  • Exclude emergency access accounts to prevent lockouts.
Microsoft said they are: "actively working to disrupt the cybercriminal ecosystems behind phishing-as-a-service and account takeover activity to protect our customers." (Getty stock image)
Microsoft said they are: "actively working to disrupt the cybercriminal ecosystems behind phishing-as-a-service and account takeover activity to protect our customers." (Getty stock image)

What Microsoft says

A Microsoft spokesperson has backed the FBI's guidance and added a few extra steps of their own, according to Nexstar.

Learn to spot phishing attempts before you fall for them in the first place. Don't open files from unknown senders, which could download malware onto your device. And make sure your operating system and all applications are fully updated with the latest security patches.

The company added it is 'actively working to disrupt the cybercriminal ecosystems behind phishing-as-a-service and account takeover activity to protect our customers'.

The bottom line: if you got an unexpected email recently asking you to enter a code into a Microsoft page, it's worth checking whether your account has been compromised, and running through the FBI's checklist regardless.

Featured Image Credit: Getty Stock Photo

Topics: Technology, Microsoft, World News

Thomas Bamford
Thomas Bamford

Advert

Advert

Advert

Choose your content:

6 days ago
12 days ago
13 days ago
16 days ago
  • Getty stock image
    6 days ago

    Little known iPhone trick can stop people from being able to snoop through your phone

    Apple actually built the feature for a completely different reason

    Technology
  • Marvel Rivals
    12 days ago

    New Captain America suit in Marvel Rivals video game sparks controversy with X-rated detail

    Captain America's celebrating the Fourth of July in a very unique way...

    Technology
  • David Paul Morris/Bloomberg via Getty Images
    13 days ago

    Mark Zuckerberg weighs in after Bill Gates predicts four jobs will survive AI

    Mark Zuckerberg was at odds with Bill Gates' claim that AI would take over the workforce

    Technology
  • Getty Stock
    16 days ago

    AI lists 10 jobs it's likely to take over as one layer of human workforce is 'shrinking'

    There are many concerns about AI, and one of them is whether it could take our jobs

    Technology
  • FBI warns iPhone and Android users to hang up the call if you hear this
  • FBI reveals three signs your smart device has been secretly hacked
  • Cruise ship issues statement after passenger mysteriously dies prompting FBI investigation
  • 3 crucial things Americans should do immediately if there was a nuclear strike